Major web browsers are developed based on web engines, and provide extension interfaces intended for the extension of functionality. Here, such a web engine has a standard interface regardless of whether it is open source, and the interface is generally maintained in order to support downward compatibility. Furthermore, an interface that is provided to develop extended functionality also has the characteristic of being generally and continuously maintained in order to maintain downward compatibility. If a technology for controlling a web browser is developed using the characteristic of an interface being maintained as described above, there are the advantage of applying the same or similar control patterns to heterogeneous browsers developed using the same web engine, and the advantage of maintenance being relatively easy because there is a strong possibility of an interface being maintained even when a browser is upgraded.
Although various standards have been developed for the control of access to data present on the web and encryption in a network section and thus support has been provided regardless of the browser and the OS, right management associated with information sent to a client has not been standardized in connection with computer programming. Accordingly, the current management of rights to web data is commonly performed by applying a standard web specification or browser extension functionality.
First, examples of controlling the conversion of web information sent to a client using the web standard specification, such as scripts and cookies, include the blocking of the dragging of a mouse and the blocking of keyboard input. This scheme is not browser and OS-dependent, and can easily identify a protection target because the operating range of a script is the same as the range of the protection target. Furthermore, this scheme has the advantage of requiring no additional functionality in a web server. However, this scheme does not work when a browser does not support scripts or when the script operation is blocked, and the protection targets of this scheme are limited to HTML data to which the script operation can be applied. Furthermore, this scheme has the disadvantage of, if a script part is removed from transmitted information, allowing information to be easily extracted because the control operation is performed after all information has been sent, and the disadvantage of being helpless against the extraction of information via another extension present in a browser.
Meanwhile, the right management scheme using a browser extension is a method that invokes a browser extension in HTML and controls the functionality of a browser in the invoked browser extension. This scheme has the advantage of relatively easily identifying a protection target in that it is sufficient if only an invoked part is protected, and the advantage of requiring no additional functionality in a web server. In contrast, this scheme has the problem of having to be developed for each browser and each OS because it is browser and OS-dependent, and the problem of being unable to operate in a browser that does not provide browser extension functionality. In order to compensate for these problems, techniques, such as scripts and cookies, should be additionally employed, the shortcomings of which have been already described above.
The conventional web information protection schemes are focused on the protection of each file physically present on the web, and information that can be protected by the schemes is limited to information that can be programmed. That is, the conventional schemes limitedly offer protection to files having their own DRM format such as DRM Content Format (DCF), or to objects involving the control operation of JavaScript such as an HTML object. There is a need for a scheme that is capable of supporting right management at a protocol level in order to protect the rights of data objects that cannot be supported by the conventional schemes and that are generated in a fixed format or dynamically, such as images.